Sign in!
eCTF Kickoff
Slides: l.acmcyber.com/ectf-week3
Week 3
Introductions!
What is eCTF?
eCTF stands for embedded capture the flag, meaning it is a capture the flag competition dealing with embedded systems.
It is an intercollegiate competition; other teams include CMU and UIUC.
The competition runs from 01/15 to 04/16.
What is eCTF?
Week 1-6: spent creating and defending the system
Week 7-12: spent attacking other teams' systems
Advised by our very own Professor Sehatbakhsh!
eCTF Details
Embedded systems: Small devices that are in the intersection between hardware and software (in our case, microcontrollers!)
Teams will be using a combination of software and hardware attacks to hack other systems
Check out UCSC’s design/implementation for eCTF 2023 here! (They got 2nd place)
eCTF Last Year
Last year, teams secured a supply chain solution for microcontrollers on a medical device.
We used Rust to develop the majority of the software for our device (pain)
Attempted an I2C man-in-the-middle attack
Changes for this year
This year’s theme will be to develop a secure program for satellite systems!
We plan to use C to develop the majority of the software for our device
Workshop(s)/lectures on programming on microcontrollers & on attacking IoT devices
Winter quarter course credit!!!!
Workshops???
We plan to host a workshop on MCU programming sometime during week 8
Possibility of attack-oriented workshops if time permits (late Fall/early Winter quarter)
Plan for this quarter
Cryptography
Encrypting and decrypting messages for secure communication
The main defense against adversaries trying to forge identities
One of the main attack vectors is the misuse of cryptography!
We will be going over the basics of cryptography and how we can use it in our code
Embedded Systems & Programming
During the competition we will need to write code that will interface with our embedded systems
Improper programming can leave vulnerabilities in our code
We will be going over the basics of embedded systems, how to understand them, and how to write code for them
Binary Exploitation
Exploiting the quirks in machine code that result from careless programming (exploiting the binary)
For example, overflowing an array in C to overwrite a function return address (Buffer overflow)
This was the most common type of attack teams performed last year
We will be going over the concepts of exploiting compiled C binaries
Analyzing attacks
After going through all the prerequisite material, and before the start of the competition, we will be going over attacks that were used last year
We will be performing the attacks on physical boards to give a feel for how the competition will go
We will also be covering how and why these attacks work so everyone can get a feel for how to perform them
We will be having our sign-up at this session!
Thank you!